To:  McCasland,  Mark[McCasland. Mark@epa.gov] 

From:  WaterlSAC 

Sent:  Tue  8/11/2015  7:00:44  PM 

Subject:  August  1 1 , 201 5 WaterlSAC  Pro  Update 


August  11,  2015 


Water  Sector  Incidents  & current  Threats 

Gold  King  Mine  Waste  Spill 

On  August  5,  while  investigating  the  Gold  King  Mine  near  Durango,  Colorado,  an  EPA  cleanup 
team  triggered  a large  release  of  3 million  gallons  of  mine  wastewater  into  Cement  Creek,  which 
flows  into  the  Animas  River.  The  Animas  River  joins  the  San  Juan  River  in  Farmington,  NM, 
and  then  join  the  Colorado  River  at  Lake  Powell.  The  release's  plume  contains  arsenic,  lead, 
copper,  and  cadmium.  EPA  officials  announced  yesterday  afternoon  that  aerial  and  ground 
reconnaissance  indicates  the  plume  has  dissipated  downstream  and  there  is  no  leading  edge  of 
contamination  visible  in  downstream  sections  of  the  San  Juan  River  or  Lake  Powell. 

Access  to  the  Animas  and  San  Juan  rivers,  which  support  many  private  wells,  livestock,  farms 
and  communities,  will  be  closed  until  at  least  August  17.  At  the  mine  site,  EPA  diverted  some  of 
the  discharge  into  ponds  and  is  treating  it  by  lowering  acidity  levels  and  removing  dissolved 
metals.  Also,  EPA  reports  is  has  seen  no  indication  of  widespread  fish  mortality  in  the  Animas  or 
San  Juan.  EPA  Region  8 Administrator  Shaun  McGrath  says  long-term  monitoring  will  be 
required. 

EPA  is  posting  updates  on  its  Region  8 website,  and  other  information  is  available  on  an  EPA 
On  Scene  Coordinator  site.  A New  Mexico  Environment  Department  web  page  also  contains 
spill-related  information. 

General  Security  & Resilience 

Terror  Threat  Level  in  the  U.S.  “as  High  as  It’s  Ever  Been,”  According  to 
House  Homeland  Security  Committee  Report 

The  U.S.  House  Homeland  Security  Committee  has  released  its  Terror  Threat  Snapshot  for 
August  2015.  This  latest  report  notes  that  there  have  been  more  U.S. -based  jihadist  terror  cases 
in  201 5 than  in  any  full  year  since  September  1 1 , 2001  and  that,  among  these,  the  Islamic  State 
has  been  linked  to  14  terror  plots  and  63  arrests  or  indictments  in  the  U.S.  Based  on  these  and 
other  findings,  the  report  concludes  that  “the  terror  threat  level  in  the  U.S.  homeland  is  as  high 
as  it’s  ever  been.”  The  Committee  began  releasing  these  products  in  June  2015  to  note 
significant  terrorism  and  counterterrorism  news  and  to  provide  analyses  of  statistics  and  trends. 
Read  more  at  WaterlSAC. 


(U//FOUO)  Disrupted  Bomb  Plot  in  Germany  Reinforces  Value  of 
Suspicious  Activity  Reporting 
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DHS  has  provided  an  Intelligence  Assessment  reflecting  on  a recently  uncovered  bomb  plot  in 
Germany.  It  uses  this  case  to  highlight  the  potential  tradecraft  that  might  be  employed  by 
terrorist  operatives  and  homegrown  violent  extremists  in  attempts  to  acquire  precursor  materials 
or  conduct  preoperational  surveillance.  It  addresses  behaviors  associated  with  the  acquisition  of 
explosive  precursors  and  it  emphasizes  that  vigilance  about  suspicious  activity  enables  the 
disruption  of  plotting  by  extremists.  (Restricted  to  U.S.  entities.)  Read  more  at  WaterlSAC. 

Report  Highlights  Severe  Economic  Risks  from  Climate  Change  in 
Southeast  and  Texas 

On  July  28,  the  Risky  Business  Project  released  a new  report,  Come  Heat  and  High  Water, 
highlighting  the  severe  economic  risks  from  climate  change  to  the  economies  of  the 
Southeastern  U.S.  and  Texas.  The  Risky  Business  Project  focuses  on  quantifying  and 
publicizing  the  economic  risks  from  the  impacts  of  a changing  climate.  The  report’s  authors  say 
there  is  no  single  top-line  number  that  represents  the  cost  of  climate  change  to  the  Southeastern 
economy  as  a whole.  Instead,  the  report  addresses  the  impacts  state-by-state  and  looks  at  the 
specific  risks  each  faces  from  climate  change  due  to  rising  temperatures.  For  instance,  the 
authors  write,  “During  the  past  30  years,  the  typical  Floridian  has  experienced  an  average  of 
seven  days  per  year  with  temperatures  above  95°F.  But  by  2020-2039,  that  number  is  likely  to 
reach  up  to  32  such  days.”  This,  they  say,  will  drive  down  labor  productivity  and  overall  quality 
of  life  in  Florida. 

All  of  the  12  states  will  experience  additional  high-heat  days,  changes  in  precipitation,  declines 
in  agricultural  productivity,  increases  in  electricity  demand  and  cost,  heat-related  increases  in 
mortality  and  decreases  in  labor  productivity.  Coastal  states  will  experience  inundation  from 
higher  mean  sea  levels  and  high  tide  lines.  Read  more  at  WaterlSAC. 


Cybersecurity 

(TLP:  GREEN)  Malware  IPs  and  Domains  Collected  from  State  and  Local 
Government  - Week  of  August  3,  201 5 

The  Multi-State  ISAC  has  released  a spreadsheet  of  several  malicious  IP  addresses  and 
domains  it  has  collected  across  a number  of  state  and  local  government  agencies  in  the  week  of 
August  3,  2015.  It  also  contains  previously  reported  IP  addresses  that  are  now  considered  safe. 
Also  included  are  recommended  actions.  Read  more  at  WaterlSAC. 

Inside  the  Aftermath  of  the  Saudi  Aramco  Breach 

Three  years  ago,  Saudi  Aramco  suffered  a massive  cyber  attack.  Malware  partially  wiped  out  or 
destroyed  the  hard  drives  of  35,000  of  the  company’s  computers.  In  a presentation  at  the 
annual  Black  Hat  USA  conference  on  August  6,  former  Aramco  consultant  Christina  Kubecka 
described  how  the  company  responded  in  the  days  after  the  attack.  Dark  Reading. 

Password  Exploit  Possible  From  Incomplete  Implementation  of 
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Microsoft  Security  Bulletin  MS14-025 


US-CERT  advises  that  it  is  aware  of  continued  exploitation  of  insecurely  stored  passwords  in 
Group  Policy  Preferences,  due  to  incomplete  implementations  of  Microsoft  Security  Bulletin 
MS14-025.  Systems  may  still  be  vulnerable  to  exploitation  if  administrators  have  not  cleared  all 
previously  stored  passwords  from  their  environment.  An  attacker  may  decrypt  these  passwords 
and  use  them  to  gain  escalated  privileges.  US-CERT  strongly  recommends  that  administrators 
employ  the  PowerShell  script  provided  in  Microsoft  Knowledge  Base  Article  2962486  and  follow 
the  included  instructions  for  clearing  all  "CPassword"  preferences  from  their  environment.  US- 
CERT. 

Mozilla  Releases  Security  Updates  for  Firefox  and  Firefox  ESR 

The  Mozilla  Foundation  has  released  security  updates  to  address  a critical  vulnerability  in  the 
built-in  PDF  Viewer  for  Firefox  and  Firefox  ESR.  Exploitation  of  the  vulnerability  may  allow  an 
attacker  to  read  and  steal  sensitive  local  files  on  the  victim's  computer.  Available  updates 
include  Firefox  39.0.3  and  Firefox  ESR  38.1.1  US-CERT  encourages  users  and  administrators 
to  review  the  Security  Advisory  for  Firefox  and  Firefox  ESR  and  apply  the  necessary  updates. 
US-CERT. 

Microsoft  Releases  Security  Bulletin  Summary  for  August  2015 

Today,  Microsoft  released  its  summary  of  security  bulletins  for  August  2015.  Users  and 
administrators  are  encouraged  to  review  the  July  bulletins  and  implement  corrective  actions  as 
necessary.  Microsoft. 

Waterisac  Events 

Learn  More  about  Top  Recommended  Cybersecurity  Practices  during 
Next  Water  Sector  Cyber  Threat  Briefing 

Wednesday,  August  26,  2015,  2:00  - 3:00  PM  ET 

On  Wednesday,  August  26,  WaterlSAC  will  convene  its  next  monthly  Water  Sector  Cyber 
Threat  Briefing.  During  this  and  the  following  two  monthly  briefings,  U.S.  Department  of 
Homeland  Security  ICS-CERT  will  discuss  the  recommended  practices  in  WaterlSAC's 
recently  released  W Basic  Cybersecurity  Measures ; Best  Practices  to  Reduce  Exploitable 
Weaknesses  andAttacks.  The  top  three  recommendations  from  the  document  will  be 
covered  this  month;  ICS-CERT,  which  provided  input  into  the  guide,  noted  that 
implementation  of  these  practices  likely  would  have  detected  the  issues,  prevented  the 
vulnerabilities,  and  averted  the  resulting  impacts  related  to  most  cybersecurity  incidents. 
The  webcast  will  also  cover  ICS  security  incidents,  emerging  threats,  new  vulnerabilities 
in  the  water  sector,  situational  awareness  updates  and  opportunities  for  additional 
support  and  learning.  Also  presenting  will  be  iSIGHT  Partners.  Register  at  WaterlSAC. 

NEW  Events 

2015  Cybersecurity  Innovation  Forum  Hosted  by  NIST 
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September  9-1 1 , 201 5 (Washington,  DC) 

The  2015  Cybersecurity  Innovation  Forum,  taking  place  at  the  Washington,  DC  Convention 
Center,  September  9-11, 2015,  is  a three-day  event  hosted  by  the  National  Institute  of 
Standards  and  Technology  (NIST)  and  planned  with  the  National  Security  Agency  and  the 
Department  of  Homeland  Security.  This  event  will  bring  government  and  industry  together  to 
focus  on  current,  emerging,  and  future  challenges,  technologies,  projects,  solutions,  and 
research  in  trusted  computing,  security  automation,  and  information  sharing.  Tracks  include 
lectures,  panel  sessions  and  live  demonstrations.  Learn  more  and  register. 

other  Upcoming  Events 

Critical  Infrastructure  Cyber  Community  Voluntary  Program:  Protecting 
Your  Small  and  Midsize  Business  from  Cyber  Threats 

Wednesday,  August  19,  2015,  1:00  - 2:30  PM  ET 

On  August  19,  the  DHS  Critical  Infrastructure  Cyber  Community  (C3)  invites  critical 
infrastructure  partners  to  attend  the  next  installment  in  its  2015  webinar  series, 
"Protecting  Your  Small  and  Midsize  Business  from  Cyber  Threats."  During  the  webinar, 
attendees  will  learn  about  free,  easy-to-use  government  and  private  sector  tools  to  help 
identify  and  mitigate  cyber  risks  for  small  or  midsize  businesses.  A flyer  for  this  event 
has  been  posted  to  the  WaterlSAC  portal.  The  event  organizers  ask  interested  parties 
email  RSVPs  to  CCubedVP@hq.dhs.gov  by  August  18,  2015.  Click  here  at  the  time  of  the 
event  to  attend. 


Water  Contaminant  Information  Tool  (WCIT)  Training 

January  through  December  2015  (Various  Dates) 

On  various  dates  from  January  to  December,  the  U.S.  EPA  will  offer  virtual  training  on  the  Water 
Contaminant  Information  Tool  (WCIT).  Attendees  will  learn  what  WCIT  is,  who  can  use  WCIT, 
and  how  WCIT  can  be  used  to  prepare  for  and  respond  to  water  contamination  incidents.  The 
training  will  be  delivered  via  teleconference,  and  participants  will  drive  their  own  computers 
while  receiving  navigation  instructions  from  the  host.  Therefore,  an  active  WCIT  account  is  a 
prerequisite  for  this  training.  WaterlSAC  Pro  members  have  access  to  WCIT  via  the  WaterlSAC 
portal.  Register  at  U.S.  EPA. 

2015  International  Levee  Handbook  Webinar  Series 

April  through  August  2015  (Various  Dates) 

From  April  through  August,  the  Levee  Safety  Coalition  is  offering  a series  of  webinars  on 
the  International  Levee  Handbook  (ILH),  with  each  webinar  covering  a specific  topic 
presented  by  the  lead  authors  of  the  corresponding  ILH  chapter.  The  ILH  is  a 
compendium  of  international  best  practices  and  guidelines  related  to  the  design, 
construction,  operation,  maintenance,  and  improvement  of  levees.  It  summarizes  more 
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than  five  years  of  work  by  a multi-disciplinary  team  of  experts  supported  by  an 
international  peer  review  process.  These  webinars,  which  are  complimentary  and  open  to 
the  general  public,  are  recorded  and  archived  for  future  reference  and  access.  Visit  the 
Association  of  State  Dam  Safety  Officials  Website  for  complete  schedule  and 
registration. 

2015  International  Water  and  Climate  Change  Forum 

December  7-9,  2015  (San  Diego,  CA) 

National  and  international  drinking  water  and  wastewater  associations  and  its  supporters 
and  partners  are  hosting  the  2015  International  Water  & Climate  Forum  on  December  7-9 
in  San  Diego.  Focusing  on  informed  implementation  of  climate  adaptation  and  mitigation 
strategies,  the  forum  will  feature  an  exchange  of  knowledge,  applications  and  innovative 
practices  about  climate  adaptation  and  mitigation  strategies  and  measures;  exposure  to 
a wide  spectrum  of  these  current  and  planned  implementation  approaches  underway  at 
urban  utilities  around  the  world.  Speakers  will  include  utility  managers,  climate 
scientists,  researchers,  policymakers  and  others.  Learn  more  at  the  forum  website. 
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